extensions/libipt_owner.man - platform/external/iptables - Git at Google

 This module attempts to match various characteristics of the packet
 creator, for locally-generated packets.  It is only valid in the
 .B OUTPUT
 chain, and even this some packets (such as ICMP ping responses) may
 have no owner, and hence never match.
 .TP
 .BI "--uid-owner " "userid"
 Matches if the packet was created by a process with the given
 effective user id.
 .TP
 .BI "--gid-owner " "groupid"
 Matches if the packet was created by a process with the given
 effective group id.
 .TP
 .BI "--pid-owner " "processid"
 Matches if the packet was created by a process with the given
 process id.
 .TP
 .BI "--sid-owner " "sessionid"
 Matches if the packet was created by a process in the given session
 group.
 .TP
 .BI "--cmd-owner " "name"
 Matches if the packet was created by a process with the given command name.
 (this option is present only if iptables was compiled under a kernel
 supporting this feature)
	This module attempts to match various characteristics of the packet
	creator, for locally-generated packets. It is only valid in the
	.B OUTPUT
	chain, and even this some packets (such as ICMP ping responses) may
	have no owner, and hence never match.
	.TP
	.BI "--uid-owner " "userid"
	Matches if the packet was created by a process with the given
	effective user id.
	.TP
	.BI "--gid-owner " "groupid"
	Matches if the packet was created by a process with the given
	effective group id.
	.TP
	.BI "--pid-owner " "processid"
	Matches if the packet was created by a process with the given
	process id.
	.TP
	.BI "--sid-owner " "sessionid"
	Matches if the packet was created by a process in the given session
	group.
	.TP
	.BI "--cmd-owner " "name"
	Matches if the packet was created by a process with the given command name.
	(this option is present only if iptables was compiled under a kernel
	supporting this feature)